Addessing review comments

hashicorp · Mar 16, 2016 · 6f2b428 · 6f2b428
1 parent cfbab2c
commit 6f2b428
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 18 deletions.
diff --git a/builtin/credential/userpass/path_user_password.go b/builtin/credential/userpass/path_user_password.go
@@ -24,6 +24,8 @@ func pathUserPassword(b *backend) *framework.Path {
 			},
 		},
 
+		ExistenceCheck: b.userPasswordExistenceCheck,
+
 		Callbacks: map[logical.Operation]framework.OperationFunc{
 			logical.UpdateOperation: b.pathUserPasswordUpdate,
 		},
@@ -33,6 +35,10 @@ func pathUserPassword(b *backend) *framework.Path {
 	}
 }
 
+func (b *backend) userPasswordExistenceCheck(req *logical.Request, data *framework.FieldData) (bool, error) {
+	return true, nil
+}
+
 func (b *backend) pathUserPasswordUpdate(
 	req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
 
@@ -42,6 +48,9 @@ func (b *backend) pathUserPasswordUpdate(
 	if err != nil {
 		return nil, err
 	}
+	if userEntry == nil {
+		return nil, fmt.Errorf("username does not exist")
+	}
 
 	err = b.updateUserPassword(req, d, userEntry)
 	if err != nil {

diff --git a/builtin/credential/userpass/path_user_policies.go b/builtin/credential/userpass/path_user_policies.go
@@ -1,6 +1,7 @@
 package userpass
 
 import (
+	"fmt"
 	"strings"
 
 	"github.com/hashicorp/vault/logical"
@@ -21,6 +22,8 @@ func pathUserPolicies(b *backend) *framework.Path {
 			},
 		},
 
+		ExistenceCheck: b.userPoliciesExistenceCheck,
+
 		Callbacks: map[logical.Operation]framework.OperationFunc{
 			logical.UpdateOperation: b.pathUserPoliciesUpdate,
 		},
@@ -30,6 +33,10 @@ func pathUserPolicies(b *backend) *framework.Path {
 	}
 }
 
+func (b *backend) userPoliciesExistenceCheck(req *logical.Request, data *framework.FieldData) (bool, error) {
+	return true, nil
+}
+
 func (b *backend) pathUserPoliciesUpdate(
 	req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
 
@@ -39,6 +46,9 @@ func (b *backend) pathUserPoliciesUpdate(
 	if err != nil {
 		return nil, err
 	}
+	if userEntry == nil {
+		return nil, fmt.Errorf("username does not exist")
+	}
 
 	err = b.updateUserPolicies(req, d, userEntry)
 	if err != nil {

diff --git a/builtin/credential/userpass/path_users.go b/builtin/credential/userpass/path_users.go
@@ -54,21 +54,20 @@ func pathUsers(b *backend) *framework.Path {
 }
 
 func (b *backend) userExistenceCheck(req *logical.Request, data *framework.FieldData) (bool, error) {
-	username := data.Get("username").(string)
-	if username == "" {
-		return false, fmt.Errorf("missing username")
-	}
-
-	userEntry, err := b.user(req.Storage, username)
+	userEntry, err := b.user(req.Storage, data.Get("username").(string))
 	if err != nil {
 		return false, err
 	}
 
 	return userEntry != nil, nil
 }
 
-func (b *backend) user(s logical.Storage, n string) (*UserEntry, error) {
-	entry, err := s.Get("user/" + strings.ToLower(n))
+func (b *backend) user(s logical.Storage, username string) (*UserEntry, error) {
+	if username == "" {
+		return nil, fmt.Errorf("missing username")
+	}
+
+	entry, err := s.Get("user/" + strings.ToLower(username))
 	if err != nil {
 		return nil, err
 	}
@@ -132,9 +131,11 @@ func (b *backend) userCreateUpdate(req *logical.Request, d *framework.FieldData)
 	}
 
 	// "password" will always be set here
-	err = b.updateUserPassword(req, d, userEntry)
-	if err != nil {
-		return nil, err
+	if _, ok := d.GetOk("password"); ok {
+		err = b.updateUserPassword(req, d, userEntry)
+		if err != nil {
+			return nil, err
+		}
 	}
 
 	if _, ok := d.GetOk("policies"); ok {
@@ -144,18 +145,14 @@ func (b *backend) userCreateUpdate(req *logical.Request, d *framework.FieldData)
 		}
 	}
 
-	ttlStr := ""
+	ttlStr := userEntry.TTL.String()
 	if ttlStrRaw, ok := d.GetOk("ttl"); ok {
 		ttlStr = ttlStrRaw.(string)
-	} else if req.Operation == logical.CreateOperation {
-		ttlStr = d.Get("ttl").(string)
 	}
 
-	maxTTLStr := ""
+	maxTTLStr := userEntry.MaxTTL.String()
 	if maxTTLStrRaw, ok := d.GetOk("max_ttl"); ok {
 		maxTTLStr = maxTTLStrRaw.(string)
-	} else if req.Operation == logical.CreateOperation {
-		maxTTLStr = d.Get("max_ttl").(string)
 	}
 
 	userEntry.TTL, userEntry.MaxTTL, err = b.SanitizeTTL(ttlStr, maxTTLStr)
@@ -169,7 +166,7 @@ func (b *backend) userCreateUpdate(req *logical.Request, d *framework.FieldData)
 func (b *backend) pathUserWrite(
 	req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
 	password := d.Get("password").(string)
-	if password == "" {
+	if req.Operation == logical.CreateOperation && password == "" {
 		return nil, fmt.Errorf("missing password")
 	}
 	return b.userCreateUpdate(req, d)